Only run a single post-auth when using inner-tunnel
Phil Mayers
p.mayers at imperial.ac.uk
Mon Mar 7 12:08:28 CET 2011
On 07/03/11 10:10, paul smith wrote:
> Is there some way I can tell the server not to run things in the
> default post-auth, if the request has been through the inner-tunnel?
>
> I'm thinking putting something like the following in the default
> post-auth section
>
> if (!proxy-reply:Packet-Type == "Access-Accept") {
> radius-user-auth
> }
How about:
post-auth {
if (!EAP-Message) {
...the exec module
}
}
>
> However this always evaluates as true, even though I can see the
> inner-tunnel authenticating successfully.
Inner tunnel is not proxying, so proxy-reply is always empty, hence
evaluates to "true". Don't confusing proxying with EAP phases.
More information about the Freeradius-Users
mailing list